Where did you get those files? I think they are falsified!
BE VERY CAREFUL and don't run it.
- My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not
lannwj@gmail.com either)
- There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file.
I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1:
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/SHA256SUMS.asc
$ gpg < SHA256SUMS.asc | sha256sum -c --ignore-missing
gpg: Signature made Tue 19 Sep 2017 02:16:05 PM CEST
gpg: using RSA key 0x90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) " [ultimate]
bitcoin-0.15.0.1-osx.dmg: OK
Do not run any dmg or other binary until you get an output like this.
Thanks Wladimir. I spelled incorrect name and email when I post this topic.ou
I run the command in your reply and 'good signature' shows. Thanks a lot. But I'm still wondering why I failed, since normally I use the following way to check pgp, and it works for electrum and dash wallet. Would you mind to get me hints?
Here is what I did to check the signature:
1. Dowload the 'bitcoin-0.15.0.1-osx.dmg' and 'SHA256SUMS.asc'.
2. 'touch bitcoin-0.15.0.1-osx.dmg.asc' file and copy the signature part from 'SHA256SUMS.asc' file.
3. run 'gpg2 --verify bitcoin-0.15.0.1-osx.dmg.asc bitcoin-0.15.0.1-osx.dmg'.